oss-sec mailing list archives
RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws
From: "Christey, Steven M." <coley () mitre org>
Date: Thu, 18 Jul 2013 21:33:21 +0000
Andrew Nacin said:

> So, CVE-2013-4145 is a duplicate of CVE-2012-3414, *not* of CVE-2012-2399.

OK, thanks for the clarification. I found some additional clarity in your announcement of the SWFUpload fork: http://make.wordpress.org/core/2013/06/21/secure-swfupload/

> That said, given that CVE-2012-2399 was not publicly described at the time, I would not be surprised if one or more CVEs have been issued for the same XSS via buttonText at one point.

Oh, me neither. Think I ran across a couple examples already.

- Steve